tcpdump capture script: check permissions to fix running in a netns
This might be all caps (=ep), or a list of all caps. Change-Id: I75f7af6cc67e96ffb7b002591f7f7d1da9b5a51d
This commit is contained in:
parent
85cc161c0d
commit
c01eada147
|
@ -42,6 +42,19 @@ if [ -x $DUMPCAP ]; then
|
|||
/sbin/setcap -q -v 'cap_net_admin,cap_net_raw=pie' $DUMPCAP
|
||||
CAP_ERR="$?"
|
||||
fi
|
||||
|
||||
# did we implicitly inherit all those caps because we're root in a netns?
|
||||
if [ -u $DUMPCAP -o "$CAP_ERR" = "1" ]; then
|
||||
getpcaps 0 2>&1 | grep -e cap_net_admin | grep -q -e cap_net_raw
|
||||
CAP_ERR="$?"
|
||||
fi
|
||||
|
||||
# did we implicitly inherit all those caps because we're root in a netns?
|
||||
if [ -u $DUMPCAP -o "$CAP_ERR" = "1" ]; then
|
||||
getpcaps 0 2>&1 | grep -q -e " =ep" # all perms
|
||||
CAP_ERR="$?"
|
||||
fi
|
||||
|
||||
if [ -u $DUMPCAP -o "$CAP_ERR" = "0" ]; then
|
||||
CMD="$DUMPCAP -q"
|
||||
else
|
||||
|
|
Loading…
Reference in New Issue